
# Linux Command: nmap

nmap (Network Mapper) is one of the most powerful network discovery and security auditing tools available on Linux systems. It helps system administrators and security professionals:

* Discover active hosts on the network
* Scan open ports and services
* Identify operating system types and versions
* Detect vulnerabilities in network services

Because of its flexibility, rich feature set, and cross-platform support, nmap is widely used in network security assessments, system administration, network monitoring, and related fields.

* * *

## Basic Syntax

The basic command format for nmap is:

```
nmap [Scan Type] [Options] {Target Specification}
```

Where:

* `Scan Type`: the scanning technique nmap uses (for example `-sS`, `-sT`, `-sU`)
* `Options`: parameters that configure scanning behaviour (ports, timing, output, and so on)
* `Target Specification`: an IP address, hostname, CIDR range, or list of targets

* * *

## Common Scan Types

### TCP SYN Scan (-sS)

The most commonly used scan, and the default when nmap runs with root privileges. Also known as a "half-open" scan:

```
nmap -sS 192.168.1.1
```

Features:

* Fast and relatively stealthy: the target application never sees a completed connection, so it rarely logs one
* Does not complete the TCP three-way handshake
* Requires root privileges (raw packet access)

### TCP Connect Scan (-sT)

Standard TCP connect scan, and the default when nmap runs without root privileges:

```
nmap -sT 192.168.1.1
```

Features:

* Does not require root privileges (uses the operating system's `connect()` call)
* Establishes a complete TCP connection
* Slower and easier to detect, because the completed connection shows up in the target's application logs

### UDP Scan (-sU)

Scan UDP ports:

```
nmap -sU 192.168.1.1
```

Features:

* UDP scanning is slow: closed ports are inferred from ICMP port-unreachable replies, which most systems rate-limit
* Many UDP services do not respond to empty probes, so ports are frequently reported as `open|filtered`
* Requires root privileges

### OS Detection (-O)

Identify the target host's operating system:

```
nmap -O 192.168.1.1
```

OS detection needs root privileges and works best when the target has at least one open and one closed TCP port for nmap to fingerprint.

* * *

## Common Options

### Port Specification (-p)

Scan specific ports or port ranges:

```
nmap -p 80,443 192.168.1.1   # Scan ports 80 and 443
nmap -p 1-100 192.168.1.1    # Scan ports 1-100
nmap -p- 192.168.1.1         # Scan all 65535 ports (1-65535)
```

Without `-p`, nmap scans the 1000 most common ports for each requested protocol.

### Service Version Detection (-sV)

Probe open ports for detailed service and version information:

```
nmap -sV 192.168.1.1
```

### Scan Speed (-T)

Control scan timing with a template from 0 (`paranoid`) to 5 (`insane`); a higher number means a faster scan:

```
nmap -T4 192.168.1.1   # Faster scan speed
```

`-T4` is a reasonable choice on a modern LAN; `-T5` sacrifices accuracy on slow or lossy links, and `-T0`/`-T1` are intended for IDS evasion rather than speed.

### Output Formats

Multiple output formats are available:

```
nmap -oN result.txt 192.168.1.1     # Normal text format
nmap -oX result.xml 192.168.1.1     # XML format
nmap -oG result.gnmap 192.168.1.1   # Grepable format
```

`-oA result` writes all three formats at once (`result.nmap`, `result.xml`, `result.gnmap`); the XML file is the one other tools such as `ndiff` consume.

* * *

## Practical Examples

### Basic Network Scan

```
nmap 192.168.1.1
```

Example output:

```
Starting Nmap 7.80 ( https://nmap.org ) at 2023-05-01 10:00 UTC
Nmap scan report for 192.168.1.1
Host is up (0.045s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
```

Of the 1000 default ports, 997 were closed and the three listed were open.

### Comprehensive Scan (OS + Service Version)

```
nmap -A 192.168.1.1
```

`-A` enables OS detection, version detection, the default NSE scripts (`-sC`) and traceroute. It is noisy and should only be run against targets you are authorized to scan.

### Scan Entire Subnet

```
nmap 192.168.1.0/24
```

### Read Target List from File

```
nmap -iL targets.txt
```

* * *

## Scan Result Interpretation

Port state meanings in nmap output:

| State | Description |
| --- | --- |
| `open` | Port is open and an application is listening |
| `closed` | Port is closed (host reachable, but no application listening) |
| `filtered` | Port is filtered by a firewall or network device; state cannot be determined |
| `unfiltered` | Port is accessible, but nmap cannot determine whether it is open or closed (ACK scans) |
| `open\|filtered` | Cannot determine whether the port is open or filtered (common in UDP scans) |
| `closed\|filtered` | Cannot determine whether the port is closed or filtered |

* * *

## Security and Legal Considerations

1. **Legal Use**: Only scan networks and systems you have permission to scan
2. **Obtain Authorization**: Ensure written authorization before use in enterprise networks
3. **Avoid Abuse**: Large-scale rapid scanning may be treated as an attack
4. **Respect Privacy**: Do not scan network resources that do not belong to you

* * *

## Advanced Techniques

### Bypassing Firewalls

```
nmap -f 192.168.1.1                  # Split probes into 8-byte IP fragments
nmap --mtu 24 192.168.1.1            # Fragment with a custom size (multiple of 8; do not combine with -f)
nmap --data-length 100 192.168.1.1   # Append 100 bytes of random data to each probe
nmap -D RND:5 192.168.1.1            # Decoy scan: interleave probes from 5 random spoofed sources
```

All of these require root privileges. Many modern firewalls and IDS reassemble fragments before inspection, and a decoy scan still sends probes from your real address, so these options raise the cost of analysis rather than hiding the scan.

### Scheduled Scan Script

```bash
#!/bin/bash
# Daily full-port SYN scan of the local subnet; must run as root (for example from root's crontab).
# -oA writes normal, XML and grepable output, so the XML file is available for ndiff later.
set -euo pipefail
DATE=$(date +%Y%m%d)
nmap -sS -p- -T4 -oA "scan_$DATE" 192.168.1.0/24
```

### Result Comparison

`ndiff` ships with nmap and compares two XML result files, reporting hosts and ports whose state changed between the scans:

```
ndiff scan1.xml scan2.xml
```

It works only on `-oX` (or `-oA`) output, not on the normal or grepable formats.

* * *

## FAQ

**Q: Why does nmap scanning require root privileges?**

A: Certain scan types (SYN scans, UDP scans, OS detection) craft packets directly instead of using the kernel socket API, which requires root or, on Linux, the `CAP_NET_RAW` and `CAP_NET_ADMIN` capabilities. A connect scan (`-sT`) works without them.

**Q: How to speed up scanning?**

A: Use the `-T4` or `-T5` timing templates, reduce timeout values, or limit the port range to scan.

**Q: Can nmap scans be detected by firewalls?**

A: Usually, yes. It depends on the scan type and the firewall configuration: a SYN scan avoids the application-level logging a full connect scan produces, but any IDS or stateful firewall that watches for many SYNs to different ports from one source will flag it.

**Q: How to scan IPv6 addresses?**

A: Enable IPv6 mode with `-6` and give the address: `nmap -6 2001:db8::1`

* * *

## Recommended Learning Resources

1. Official documentation: `man nmap`
2. Nmap official book: "Nmap Network Scanning"
3. Online tutorial: [https://nmap.org/book/toc.html](https://nmap.org/book/toc.html)
4. Interactive learning: [https://tryhackme.com/room/furthernmap](https://tryhackme.com/room/furthernmap)

By mastering nmap, you will have powerful network discovery capabilities, laying a solid foundation for system administration and network security work. It is recommended to start with simple scans and gradually try more complex options and techniques.
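The Output Formats, Scan Result Interpretation and Result Comparison sections above describe the `-oX` format, the port states and `ndiff`, but not what a consumer of those files actually does. The following is example code added here, not nmap's or ndiff's own code: a small parser for `-oX` output that lists open ports, resolves the state of ports nmap folded into `<extraports>`, and reports host and port-state changes between two scans the way `ndiff` does. The two XML documents are constructed by hand in nmap's XML layout; the addresses, services and version strings are invented sample data.

```python
"""Parse nmap -oX output and compare two scans ndiff-style (example code added to this page)."""
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# Constructed sample: first scan of 192.168.1.1 (invented data in nmap's -oX layout).
SCAN1_XML = """<nmaprun scanner="nmap" args="nmap -sS -sU -sV -oX scan1.xml 192.168.1.1" version="7.80">
<host><status state="up" reason="echo-reply"/>
<address addr="192.168.1.1" addrtype="ipv4"/>
<ports><extraports state="closed" count="1996"/>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="8.2p1"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="nginx" version="1.18.0"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="https"/></port>
<port protocol="udp" portid="161"><state state="open|filtered" reason="no-response"/><service name="snmp"/></port>
</ports></host>
</nmaprun>"""

# Constructed sample: second scan. Port 80 is now filtered, a MySQL listener appeared,
# SNMP answered this time, a second host is up, and a third host is down.
SCAN2_XML = """<nmaprun scanner="nmap" args="nmap -sS -sU -sV -oX scan2.xml 192.168.1.0/30" version="7.80">
<host><status state="up" reason="echo-reply"/>
<address addr="192.168.1.1" addrtype="ipv4"/>
<ports><extraports state="closed" count="1995"/>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="8.2p1"/></port>
<port protocol="tcp" portid="80"><state state="filtered" reason="no-response"/><service name="http"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="https"/></port>
<port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/><service name="mysql" product="MySQL" version="8.0.33"/></port>
<port protocol="udp" portid="161"><state state="open" reason="udp-response"/><service name="snmp" product="net-snmp" version="5.8"/></port>
</ports></host>
<host><status state="up" reason="echo-reply"/>
<address addr="192.168.1.2" addrtype="ipv4"/>
<ports><extraports state="closed" count="1999"/>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
</ports></host>
<host><status state="down" reason="no-response"/>
<address addr="192.168.1.3" addrtype="ipv4"/></host>
</nmaprun>"""


def parse_nmap_xml(xml_text: str) -> Dict[str, dict]:
    """Return {address: {"default": state, "ports": {(proto, port): info}}} for every host that is up.

    nmap folds the most common port state into <extraports> instead of listing each port;
    that state is kept as the host's "default" so port_state() can answer for unlisted ports.
    """
    hosts: Dict[str, dict] = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status, addr = host.find("status"), host.find("address")
        if status is None or addr is None or status.get("state") != "up":
            continue  # down hosts carry no port table
        entry: dict = {"default": "unknown", "ports": {}}
        ports = host.find("ports")
        if ports is not None:
            extra = ports.find("extraports")
            if extra is not None:
                entry["default"] = extra.get("state", "unknown")
            for port in ports.findall("port"):
                state, svc = port.find("state"), port.find("service")
                version = ""
                if svc is not None:
                    version = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
                entry["ports"][(port.get("protocol"), int(port.get("portid")))] = {
                    "state": state.get("state") if state is not None else "unknown",
                    "service": svc.get("name", "") if svc is not None else "",
                    "version": version,
                }
        hosts[addr.get("addr")] = entry
    return hosts


def port_state(host: dict, key: Tuple[str, int]) -> str:
    """State of one port: the listed state, or the host's <extraports> default when not listed."""
    info = host["ports"].get(key)
    return info["state"] if info is not None else host["default"]


def open_ports(hosts: Dict[str, dict], addr: str) -> List[Tuple[str, int, str, str]]:
    """Ports reported 'open' on one host, sorted, as (proto, port, service, version)."""
    host = hosts.get(addr)
    if host is None:
        return []
    return sorted((proto, num, info["service"], info["version"])
                  for (proto, num), info in host["ports"].items() if info["state"] == "open")


def diff_scans(old: Dict[str, dict], new: Dict[str, dict]) -> dict:
    """ndiff-style comparison: hosts that appeared or vanished, and per-port state changes."""
    result: dict = {
        "new_hosts": sorted(set(new) - set(old)),
        "gone_hosts": sorted(set(old) - set(new)),
        "changes": [],  # (addr, proto, port, old_state, new_state)
    }
    for addr in sorted(set(old) & set(new)):
        for key in sorted(set(old[addr]["ports"]) | set(new[addr]["ports"])):
            before, after = port_state(old[addr], key), port_state(new[addr], key)
            if before != after:
                result["changes"].append((addr, key[0], key[1], before, after))
    return result


def compare_xml(old_xml: str, new_xml: str) -> dict:
    """Parse two -oX documents and return the diff_scans() result."""
    return diff_scans(parse_nmap_xml(old_xml), parse_nmap_xml(new_xml))


if __name__ == "__main__":
    diff = compare_xml(SCAN1_XML, SCAN2_XML)
    for addr in diff["new_hosts"]:
        print(f"+ host {addr} is now up")
    for addr in diff["gone_hosts"]:
        print(f"- host {addr} no longer answers")
    for addr, proto, port, before, after in diff["changes"]:
        print(f"  {addr} {port}/{proto}: {before} -> {after}")
```

Run it against real files by replacing the two constants with `open("scan1.xml").read()` and `open("scan2.xml").read()` from the dated `-oA` output of the scheduled script. The `<extraports>` handling is what makes the comparison honest: port 3306 is absent from the first scan's port list, and reporting it as "closed" to "open" is only correct because nmap recorded that the unlisted ports were closed.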